In recent years, defensive measures have been proposed against cyber attack to corporations or social infrastructure. As such a defensive measure, a countermeasure is taken of monitoring, sensing and blocking cyber attack and virus intrusion. However, due to advanced manners of attacking method, technical difficulties in perfectly securing accuracy of detecting attack, and the like, it is very difficult to perfectly protect corporations and social infrastructure from virus intrusion.
Under these circumstances, as a defensive measure premised on that cyber attack intrudes into a corporation and a network with which social infrastructure is constructed, or on that viruses have already intruded inside, it is crucial to prevent damages caused by new infection (also referred to as infection spread, secondary infection) derived from the viruses.
As one method of preventing infection spread, a technique of sensing viruses (or a computer infected with viruses) using dummy information (also referred to as false information, or trap information) is proposed.
PTL 1 discloses a device which determines whether identification information set with a terminal in advance is included and, when the set identification information is not included, detects the terminal as an infected terminal.
Additionally, PTL 2 discloses a system which stores genuine setting information necessary for transmission of an electronic mail to a mail server, and dummy setting information for the setting information. This system detects an electronic mail generated using dummy setting information as a wrongful electronic mail.